--- title: "Ledger Hit by Fresh Data Leak Through Third-Party Payment Partner" date: 2026-01-05 author: "Barry Elad" featured_image: "https://sqmagazine.co.uk/wp-content/uploads/2026/01/ledger-confirms-data-leak-incident-through-third-party-payments.jpg" categories: - name: "Cryptocurrency" url: "/crypto.md" tags: - name: "News" url: "/tag/news.md" --- # Ledger Hit by Fresh Data Leak Through Third-Party Payment Partner Ledger customers are once again facing privacy concerns after the company confirmed a data breach involving its payment processor, Global-e. ## Quick Summary – TLDR: - Ledger disclosed a data breach caused by Global-e, which exposed customer names and contact info. - The breach did not impact user funds, wallet seed phrases, or private keys, according to Ledger. - This marks Ledger’s second known data incident involving customer data since 2020. - Security experts warn that leaked contact info can fuel phishing attacks targeting crypto users. ## What Happened? Hardware wallet maker **Ledger has confirmed** that personal data from its customers was leaked due to a **security breach at Global-e**, its payment and e-commerce partner. The breach, which Global-e identified as “**unusual activity**” in its cloud systems, resulted in unauthorized access to customer names and contact details. Although **Ledger’s hardware wallets and private keys remain secure**, the incident is still troubling, especially given Ledger’s history with third-party breaches. > Community alert: Ledger had another data breach via payment processor Global-e leaking the personal data of customers (name & other contact information). > > Earlier today customers received the email below. [pic.twitter.com/RKVbv6BTGO](https://t.co/RKVbv6BTGO) > > — ZachXBT (@zachxbt) [January 5, 2026](https://twitter.com/zachxbt/status/2008139053544194545?ref_src=twsrc%5Etfw) ## Global-e Breach Compromises Ledger Customer Data On January 5, 2026, [Ledger](https://sqmagazine.co.uk/how-many-people-work-at-ledger/) began informing customers that **Global-e’s systems had been breached**, exposing personal data. While the companies did not disclose the number of affected users, the data includes names and **unspecified contact information**. Global-e stated that it had taken **immediate action to contain the breach** and hired independent forensic experts to investigate. Ledger reassured users that **no sensitive wallet-related data**, such as 24-word recovery phrases or blockchain balances, was exposed. Ledger emphasized that **Global-e does not have access** to this type of information. Still, **Ledger urged customers to stay alert**, avoid [phishing scams](https://sqmagazine.co.uk/phishing-email-statistics/), and never share their wallet recovery phrases. They also recommended users enable **Clear Signing** and use **Transaction Check** when managing blockchain transactions. ## Another Breach in a Series of Incidents This is **not the first time Ledger customers have suffered from leaked data**. Back in 2020, a third-party breach via [Shopify](https://sqmagazine.co.uk/shopify-statistics/) revealed the personal information of **270,000 Ledger users**, which led to widespread phishing attacks. Similarly, an earlier incident in April 2025 also involved unauthorized access, though details remain limited. These recurring incidents have drawn criticism about Ledger’s reliance on external vendors. Security analyst **ZachXBT**, who initially brought the breach to wider attention, warned crypto users against blindly trusting [hardware wallet](https://sqmagazine.co.uk/hardware-wallet-market-statistics/) companies. He also suggested using **fake personal details when buying wallets online** to minimize risks in case of future data leaks. ## What Data Was Exposed? While Ledger and Global-e have not shared specifics, the breach reportedly includes: - Customer **names** - Some form of **contact information** (email, phone, or physical address, though unspecified) There is **no evidence** that payment details or cryptocurrency holdings were compromised. ## Ledger’s Response Ledger stressed that **its platform, software, and hardware devices remain secure**. In a statement, the company said: “ This was not a breach of Ledger’s platform, hardware or software systems, which remain secure. Global-e does not have access to your 24 words, blockchain balance, or any secrets related to digital assets. Ledger The company added that it worked closely with Global-e to notify affected users and continues to monitor the situation. ## SQ Magazine’s Takeaway I’ve got to say, while it’s a relief that funds and seed phrases weren’t affected, **this is still a serious issue**. Contact details in the wrong hands can be just as dangerous in the crypto world. We’ve seen how easily phishing attacks can trick even careful users. Ledger may offer secure wallets, but **if the front-end services and third-party partners are vulnerable, the whole ecosystem feels shaky**. Honestly, it might be time for companies like Ledger to rethink how much user data they collect and how they manage third-party risks. As users, we’ve got to stay alert and keep our recovery phrases off every platform, no matter what.